[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Feb 8 13:55:54 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31898798 by Moritz Muehlenhoff at 2023-02-08T14:55:26+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,21 +33,21 @@ CVE-2023-0741
 CVE-2023-0740
 	RESERVED
 CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer prior t ...)
-	TODO: check
+	NOT-FOR-US: Answer
 CVE-2023-0738
 	RESERVED
 CVE-2023-0737
 	RESERVED
 CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wall ...)
-	TODO: check
+	NOT-FOR-US: Wallabag
 CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...)
-	TODO: check
+	NOT-FOR-US: Wallabag
 CVE-2023-0734
 	RESERVED
 CVE-2023-0733
 	RESERVED
 CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2023-25588
 	RESERVED
 CVE-2023-25587
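Review bot: the tag on CVE-2023-0739, "NOT-FOR-US: Answer", is a generic word that does not identify the project and is hard to search for; the description names the repository answerdev/answer, so "NOT-FOR-US: answerdev/answer" would be unambiguous. In the same hunk CVE-2023-0732 is tagged with the vendor only (SourceCodester), although the description names the product, Online Eyewear Shop.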
@@ -203,9 +203,9 @@ CVE-2023-0709
 CVE-2023-0708
 	RESERVED
 CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate Genera ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2023-0706 (A vulnerability, which was classified as critical, has been found in S ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2023-XXXX [RUSTSEC-2023-0004]
 	- rust-bzip2 0.4.4-1
 	[bullseye] - rust-bzip2 <no-dsa> (Minor issue)
@@ -337,7 +337,7 @@ CVE-2023-0689
 CVE-2023-0688
 	RESERVED
 CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has been rat ...)
-	TODO: check
+	NOT-FOR-US: XpressEngine
 CVE-2023-25498
 	RESERVED
 CVE-2023-25497
@@ -964,11 +964,11 @@ CVE-2022-48316
 CVE-2022-48315
 	RESERVED
 CVE-2015-10075 (A vulnerability was found in Custom-Content-Width 1.0. It has been dec ...)
-	TODO: check
+	NOT-FOR-US: Custom-Content-Width
 CVE-2015-10074 (A vulnerability was found in OpenSeaMap online_chart 1.2. It has been  ...)
-	TODO: check
+	NOT-FOR-US: OpenSeaMap
 CVE-2011-10002 (A vulnerability classified as critical has been found in weblabyrinth  ...)
-	TODO: check
+	NOT-FOR-US: weblabyrinth
 CVE-2023-25198
 	RESERVED
 CVE-2023-25197
@@ -986,13 +986,13 @@ CVE-2022-48312
 CVE-2023-25194 (A possible security vulnerability has been identified in Apache Kafka  ...)
 	- kafka <itp> (bug #786460)
 CVE-2022-4902 (A vulnerability classified as problematic has been found in eXo Chat A ...)
-	TODO: check
+	NOT-FOR-US: eXo Chat
 CVE-2020-36660 (A vulnerability was found in paxswill EVE Ship Replacement Program 0.1 ...)
 	NOT-FOR-US: paxswill EVE Ship Replacement Program
 CVE-2017-20177 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: WangGuard
 CVE-2015-10073 (A vulnerability, which was classified as problematic, was found in tin ...)
-	TODO: check
+	NOT-FOR-US: WikiSEO
 CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to ...)
 	- harfbuzz <unfixed> (bug #1030612)
 	[bullseye] - harfbuzz <no-dsa> (Minor issue)
@@ -1062,7 +1062,7 @@ CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.
 CVE-2023-0670
 	RESERVED
 CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authe ...)
-	TODO: check
+	NOT-FOR-US: Fortra GoAnywhere MFT 
 CVE-2023-0668
 	RESERVED
 CVE-2023-0667
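Review bot: the added line for CVE-2023-0669 ends in a trailing space after "MFT"; drop it so the entry matches the other NOT-FOR-US lines and does not cause whitespace-only noise in later diffs.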
@@ -1076,7 +1076,7 @@ CVE-2023-0664
 CVE-2023-0663 (A vulnerability was found in Calendar Event Management System 2.3.0. I ...)
 	NOT-FOR-US: Calendar Event Management System
 CVE-2022-48311 (**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2023-25173
 	RESERVED
 CVE-2023-25172
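Review bot: "NOT-FOR-US: HP" on CVE-2022-48311 names only the vendor, which is too broad to tell which product was triaged; the description refers to an HP Deskjet device, so "NOT-FOR-US: HP Deskjet" would match the product-level naming used by the neighbouring Calendar Event Management System entry.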
@@ -1464,7 +1464,7 @@ CVE-2023-25018
 CVE-2023-25017
 	RESERVED
 CVE-2023-25016 (Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1. ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...)
 	NOT-FOR-US: Clockwork Web
 CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...)
@@ -1973,9 +1973,9 @@ CVE-2016-15023 (A vulnerability, which was classified as problematic, was found
 CVE-2023-24831
 	RESERVED
 CVE-2023-24828 (Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions  ...)
-	TODO: check
+	NOT-FOR-US: Onedev
 CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software Bill of  ...)
-	TODO: check
+	NOT-FOR-US: syft
 CVE-2023-24826
 	RESERVED
 CVE-2023-24825
@@ -2001,7 +2001,7 @@ CVE-2023-24816
 CVE-2023-24815
 	RESERVED
 CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework released  ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2023-24813 (Dompdf is an HTML to PDF converter written in php. Due to the differen ...)
 	- php-dompdf <unfixed>
 	NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75
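Review bot: the tag for CVE-2023-24814 is spelled "Typo3" while the description on the line above spells the project "TYPO3"; use one spelling so a search of the list for the product name finds every entry.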
@@ -2014,7 +2014,7 @@ CVE-2023-24810
 CVE-2023-24809
 	RESERVED
 CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versions pr ...)
-	TODO: check
+	TODO: check, might affect src:ippsample
 CVE-2023-24807
 	RESERVED
 CVE-2023-24806
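Review bot: the CVE-2023-24808 change does not fit the commit message "NFUs": the entry stays a TODO and only gains a hint about src:ippsample. Mention it in the message or commit it separately so the triage lead can be found in the history.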
@@ -4283,9 +4283,9 @@ CVE-2023-23946
 CVE-2023-23945
 	RESERVED
 CVE-2023-23944 (Nextcloud mail is an email app for the nextcloud home server platform. ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud mail
 CVE-2023-23943 (Nextcloud mail is an email app for the nextcloud home server platform. ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud mail
 CVE-2023-23942 (The Nextcloud Desktop Client is a tool to synchronize files from a Nex ...)
 	TODO: check
 CVE-2023-23941 (SwagPayPal is a PayPal integration for shopware/platform. If JavaScrip ...)
@@ -28730,9 +28730,9 @@ CVE-2022-42953 (Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720,
 CVE-2022-42952
 	RESERVED
 CVE-2022-42951 (An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6 ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2022-42950 (An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2022-42949 (Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissi ...)
 	NOT-FOR-US: Silverstripe
 CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in releases  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31898798e0399b4d1c9d192f742eb6ebd9be0db7
